The CyberWire Daily Briefing 07.06.16

Summary

By The CyberWire Staff

HummingBad, having infected more than 10 million Android devices worldwide, proves profitable to China’s “Yingmob.” Observers worry that the malware could be turned to uses more nefarious than clickfraud.

Bitdefender warns Mac users against “Eleanor,” a bogus document converter app (not available through Apple’s App Store) whose only functionality is a backdoor.

The ThinkPwn zero-day, about whose risk-level authorities differ, but which they agree is non-negligible, appears to affect Gigabyte motherboards’ firmware as well as UEFI drivers in Lenovo and HP laptops. There’s no fix out, yet.

Pseudo-Darkleech, the campaign Sucuri discovered in March 2015, continues morphing to evade detection. SANS says the ransomware campaign eliminated large blocks of telltale code and shifted exploit kits from Angler to Neutrino.

In industry news, Symantec’s stock price enjoyed a strong June surge, and Darktrace gets another $64 million funding round.

Many observers think ISIS’s end-of-Ramadan wave of massacres may have gone too far. States opposed to ISIS (notably France and the EU) are revising their intelligence approaches to counter-terrorism. But it remains unknown whether murder displayed online is losing its appeal to the Caliphate’s demographic.

In the US, the FBI yesterday declined to recommend indictment of former Secretary of State Clinton for mishandling classified information. FBI Director Comey said she did mishandle it, and that foreign intelligence services probably gained access to her private emails, but that other elements normally warranting prosecution were lacking. The FBI also excoriated the State Department for its carelessness with classified information. (In its démarche, State disagreed.)

Notes.

Today's issue includes events affecting Albania, Algeria, Bangladesh, Belgium, Brazil, Bulgaria, Canada, China, Colombia, Croatia, Czech Republic, Denmark, Egypt, Estonia, European Union, France, Germany, Greece, Hungary, Iceland, India, Indonesia, Israel, Italy, Latvia, Lithuania, Luxembourg, Netherlands, Norway, Malaysia, Mexico, Nepal, Pakistan, Philippines, Poland, Portugal, Romania, Russia, Slovakia, Slovenia, Spain, Thailand, Turkey, Ukraine, United Kingdom, United States and Vietnam

On the Podcast

Catch the CyberWire's Podcast later this afternoon, with interviews, educational tips, and more on the stories of the day. Today we'll hear from the Johns Hopkins University's Joe Carrigan on what you should know about securing your router. (We always welcome reviews of the podcast. You can post one at iTunes if you're so moved.)

Sponsored Events

E8 Security at Cisco Live 2016 (Las Vegas, NV, USA, July 11 - 13, 2016)

SINET Innovation Summit 2016 (New York, NY, USA, July 14, 2016)

Selected Reading

Cyber Trends

Industrialisation of cybercrime is disrupting digital enterprises (Help Net Security) Only a fifth of IT decision makers in large multinational corporations are confident that their organisation is fully prepared against the threat of cybercriminals. The vast majority of companies feel constrained by regulation, available resources and a dependence on third parties when responding to attacks, according to new research from BT and KPMG

Just 47% of corporations have cyber security strategy to combat employee blackmail, bribes to gain access to corporate information: report (Canadian Underwriter) The lion’s share of surveyed IT decision-makers at large multinational corporations may be aware that employees are being employed to gain access to information, but about half of respondents do not have a cyber security strategy to prevent such behaviour

IT Skills Gap Hurts Enterprise Security: Survey (InformationWeek) A survey of IT executives, managers, and practitioners finds the biggest challenges in infosec are around skills, not technology

Lack of role models keeps women out of cyber security (Financial Times) As a maths undergraduate, Holly Rostill went to a lecture about the internet. The speaker raised the point that, despite people using it every day, few understood its inner workings. This sparked Ms Rostill’s curiosity and she studied computer science modules as part of her degree, including programming, testing systems for vulnerabilities and cryptography. Ultimately this set Ms Rostill on a path that is relatively uncommon for young women: cyber security

Legislation, Policy and Regulation

UN counterterror chief: Nations must work smarter against IS (AP) The head of the U.N. Security Council's counterterrorism agency says the Islamic State group is proving more flexible and adaptable than the governments battling the militants

Key Cyber Issues For NATO´s Warsaw Summit (Breaking Defense) Cyberspace is likely be declared a domain of warfare at NATO’s Warsaw Summit. The cyber domain is an integral part of modern wars, conflicts and crises, and therefore also a key part of NATO´s current and future operative security environment. Since cyber topics should primarily be approached from the perspective of multidisciplinarity and strategy, NATO member states will need to make many commitments. Since the cyber domain is primarily a political domain, political decisions are especially crucial in Warsaw to strengthen NATO´s cyber readiness

EU parliament pushes ahead with plans to block, remove terrorist content online (Ars Technica) ... despite fears that overblocking could undermine fundamental rights

French Inquiry Advises Creation Of 'National Antiterrorism Agency' (Radio Free Europe/Radio Liberty) French lawmakers have recommended sweeping changes to the country's intelligence services in response to mounting concerns over the dangers posed by international terrorism

France wants a better intelligence structure. But how would it actually work? (Washington Post) On Tuesday, French lawmakers announced the results of a six-month inquiry into their nation’s intelligence services, still reeling from two deadly terrorist attacks in 2015. The committee’s major recommendation: create a unified intelligence structure better equipped to prevent future attacks

UK.gov rolls out 10 years' chokey for industrial scale copyright pirates (Register) Torrent release groups are the target - not teenagers

Chinese Hackers, Businesses and Government Coordinate Cyber Efforts (SIGNAL) The Middle Kingdom’s online strategies may owe more to Sun Tzu than to Moore’s law

IRS enhancing authentication, cyber education (FedScoop) The IRS has big plans for its security in fiscal year 2017, including adding an additional 50 million verification codes to W-2 forms, it announced at its annual Security Summit

The Cyber Implications of Acquisition Speed: Part III (SIGNAL) Full and open competition can improve federal procurement

Blackout: Inside Belarus, Europe's Last Dictatorship (VICE News) In BLACKOUT, a series made possible by Jigsaw, VICE News takes viewers across the globe, from Pakistan to Belarus, to examine technology's role in the ongoing fight for free expression

Hacker Lexicon: What Are CNE and CNA? (Wired) For years, the US government’s offensive hacking operations were kept in dark shadows, neither acknowledged nor discussed. That changed with the discovery of Stuxnet in 2010—a computer sabotage operation reportedly conducted by the US and Israel to destroy machines used in Iran’s once-illicit nuclear program

Products, Services, and Solutions

NSS Labs Publishes Data Center Intrusion Prevention System Test (NSS Labs) Overall security effectiveness ranged from 23.2% to 99.9%

10 cutting-edge tools that take endpoint security to a new level (Network World) The days of simple endpoint protection are over. Scanning and screening for malware has become a very complex process, and most traditional anti-malware tools only find a small fraction of potential infections

Secure at the cloud - no, do it at the endpoint - Oh now, this is so confusing... Or is it? (ComputerWeekly) Security, for a decade or so, didn’t see much in the way of true change – yes, firewalls got smarter, likewise AV products (well, some anyway), IDS became IPS so it could actually stop something happening, encryption became more encrypted and VPNs became more virtual, but typically same old vendor faces, same old product types with variations on a theme

Synchronising cyber security: Is it time to combine network and endpoint security? (Computer Business Review) C-level briefing: Where others have failed, Sophos CEO Kris Hagerman hopes to succeed

Exabeam’s CEO Brings Speedy Analytics, Teamwork To Fight Against Ransomware (Integration Developer News) Exabeam is taking a two-fisted approach to the fight against ransomware. It is bringing together speedy analytics with a strong collation of willing security vendors. IDN talks with Exabeam CEO Nir Polak

Faraday: Collaborative pen test and vulnerability management platform (Help Net Security) Faraday is an integrated multi-user penetration testing environment that maps and leverages all the knowledge you generate in real time. It gives CISOs a better overview of their team’s job, tools and results. You can run it on Windows, Linux and OS X

Technologies, Techniques, and Standards

A Closer Look At Microsoft's Proposed Norms For Cybersecurity (Dark Reading) Microsoft last month outlined steps companies can take to collaborate on cybersecurity, following its proposed norms for nation-states

Quantum physics meets IT security (Tech Republic) It's hard enough for IT security managers to keep with the latest in conventional computing. Cloud Security Alliance and the US government are trying to make sure you don't need a physics degree, too

Researchers Endorse ‘Quantum-Safe’ Cloud Security (Enterprise Tech) With cyber attacks on IT infrastructure growing more sophisticated and costly by the day, researchers are looking for new ways to stay ahead of hackers by strengthening encryption. Among the emerging tools are quantum random number generators that introduce a higher level of unpredictability that is difficult to reproduce. That in turn makes it harder for attackers to simply steal of guess keys

How to Encrypt a Flash Drive Using VeraCrypt (eSecurity Planet) Many security experts prefer open source software like VeraCrypt, which can be used to encrypt flash drives, because of its readily available source code

Security can throw a spanner in the DevOps works (Computing) Rapid issue of certificates key to tackling fast deployment headache

How to Make Google Forget Your Most Embarrassing Searches (Washington Post) Google probably knows you better than your closest friends and family. With every search you make or YouTube video you watch, the search giant is quietly collecting information for a personalized profile it uses to serve you targeted ads. But a new tool called My Activity makes it easier than ever to see what information Google is stockpiling about you — and delete things you'd rather it forget. Here's what you need to know about this new tool and how it can help you manage your privacy

Why does spam and phishing get through Office 365? And what can be done about it? (Microsoft Developer) As a filtering service, Office 365 (Exchange Online Protection, or EOP) is dedicated to providing the best antispam filtering possible, and we take this task seriously: We are working hard to keep spam out of your inbox. We are working hard to ensure we don’t mistakenly mark good email as spam. The question we regularly get from customers is this: Why does spam/phishing/malware get through? Why aren’t you blocking it?

Taking Aim at Cyber Attackers (SIGNAL) Security and big data give rise to new trend of threat hunting

Operationalizing Threat Intelligence (Network World) Enterprise organizations need to address current problems and integrate threat intelligence into their overall cybersecurity strategies to progress

8 Reasons You Need a Security Penetration Test (InformationWeek) One of the biggest challenges in IT security is determining whether the tools and configurations you have in place are giving your organization the level of security you require. Here's how penetration testing can help

DOD and Cybercom Want to Train for Realistic Cyberattacks (FedTech) The Defense Department wants to create a program that will help prepare the department to respond to complex and sophisticated attacks on critical infrastructure

Army seeks to use cyber at tactical level (FCW) Army leaders are getting a better sense of how soldiers at the brigade level can use cyber effects in battle, thanks to a pilot program launched last year. Feedback from the program will inform how the Army fights on the digital battlefields of the future and could have a ripple effect on the joint cyber force led by U.S. Cyber Command

Marketplace

U.S. Cyber-Surveillance Demands Keep IT Innovation Offshore (eWeek) IT companies in Europe and elsewhere are working hard on new technologies in places beyond the reach of the U.S. government worries about cyber-surveillance

Cybersecurity startup Darktrace intercepts $64M in fresh funding at a valuation of over $400M (TechCrunch) Darktrace, the U.K. cybersecurity startup whose backers include Autonomy founder Mike Lynch’s Invoke Capital, has closed $64 million in fresh funding

Why Symantec Corporation Gained 18% in June (NW Times) What: Shares of Symantec (NASDAQ: SYMC) rose 18.3% in June 2016, according to data from S&P Global Market Intelligence. The surge sprung from Symantec's $4.65 billion buyout of privately held data security expert Blue Coat Systems. This sharp jump included, the stock has traded roughly sideways in 2016

Bay Bank Engages Col. Edward C. Rothstein To Lead New Government Contracting And Cybersecurity Industry Group (Public Now) Bay Bank announced today that it has formed a new industry group focused on serving the debt capital, treasury and advisory needs of government contracting and cybersecurity clients. The bank engaged Col. Edward C. Rothstein, USA (Ret.), as a senior advisor to help launch this effort. He will work closely with Bay's Market Presidents Rich Ohnmacht and Todd Warren

Malwarebytes hires Justin Dolly as its first CISO (CSO) Malware prevention and remediation company Malwarebytes announced last week that it has hired Justin Dolly as the company's first CISO

CyberArk Announces Changes to Board of Directors (Yahoo! Finance) Udi Mokady elected Chairman; Gadi Tirosh named Lead Independent Director

Research and Development

These Maps Show What the Dark Web Looks Like (Motherboard) What does the dark web actually look like? Well, new research maps out the relationships between a load of Tor hidden services, and shows that many dark web sites, rather than being isolated entities, are perhaps more intimately intertwined than commonly thought

Cyber Attacks, Threats, and Vulnerabilities

The Islamic State just made a potentially disastrous mistake (Washington Post) In the global revulsion at the past week’s terror attacks in four Muslim countries, the United States and its allies have a new opportunity to build a unified command against the Islamic State and other extremists. But as the U.S. seeks to broaden this counter-terrorism alliance, it should be careful about partnering with Russia — unless Moscow distances itself from a Syrian regime that many Sunni Muslims despise

HummingBad malware puts 10 million Android devices at risk (TechNews Directory) There are some malware that are just plain horrifying, like the past Stagefright exploit. Some, like weak ransomware, are a nuisance at best. HummingBad, reported by security outfit Check Point, sits precariously in the middle. Right now, all it does is to compromise an Android device in order to trick people into clicking on ads in order to generate revenue for its creators and its partners. It has, however, the potential to do even more destructive, and profitable, things should the people behind it decide to go beyond mere money-making into a full-on war against security

10 million Android devices reportedly infected with Chinese malware (C|Net) A security software maker says that Chinese cybercriminals have gained access to millions of smartphones around the world

Chinese Ad Firm Raking in $300K a Month Through Adfraud, Android Malware (Threatpost) The same group of cybercriminals behind a strain of iOS malware uncovered last year have apparently diversified and now dabble in Android malware

New Mac OS X backdoor disguised as document converter app (Help Net Security) Bitdefender researchers have discovered and analyzed a new, highly dangerous piece of malware targeting Mac systems and users

Scope of ThinkPwn UEFI Zero Day Expands (Threatpost) A serious hardware vulnerability, thought to be confined to UEFI drivers in Lenovo and HP laptops, has also been found in firmware running on motherboards sold by Gigabyte

The Changing Face of Pseudo-Darkleech (Threatpost) The pseudo-Darkleech campaign is one of the most notorious and ongoing attacks of recent years, making use of major exploit kits to deliver primarily different strains of ransomware

Exploit for GNU wget RCE flaw revealed (Help Net Security) Technical details about a serious vulnerability affecting all but the latest version of the GNU wget software have been released online, along with PoC exploit scenarios

TP-LINK loses control of two device configuration domains (Help Net Security) Security researcher Amitay Dan warns that tplinklogin.net, a domain through which TP-LINK router owners can configure their devices, is no longer owned by the company, and that this fact could be misused by malware peddlers

Most Post-Intrusion Cyber Attacks Involve Everyday Admin Tools (Threatpost) Think hackers use advanced malware and mysterious tools once they have infiltrated a network? According to security startup LightCyber, most attackers use the same mainstream security tools the good guys use, only for lateral movement, network mapping and remote control of endpoints

Facebook Trojan Hits 10,000 Victims In 48 Hours (Virus Guides) Between June 24 – 27, cyber criminals used Facebook spam messages to distribute malware. For 48 hours the virus hijacked user accounts to perform various operations, such as giving likes and sharing unwanted content

Cyber Attacks to Surge at Olympics, Israeli Security Firm Warns (Times of Israel) Based on analysis of previous sports events, Cytegic anticipates that hackers will dupe fans with counterfeit deals

PlayStation, Facebook block users due to 'offensive' first names (Graham Cluley) Bricks and stones may break my bones... but names?

Academia

West Point Trains Female Cadets For Cyber Branch (Dark Reading) An internship at a Silicon Valley startup is one program aimed at helping close the cybersecurity skills gap

DoD Hires Hackers to Teach Cyber (GovTech Works) At the same picturesque former hospital where Walter Reed taught medicine in the 1880s and ’90s, a new generation of cyber warrior is working on a very different kind of problem: how to teach the foundational skills needed to be a top-notch hacker for the government

As the imagination allows (SC Magazine) Cybersecurity suffers from a critical talent gap

Litigation, Investigation, and Enforcement

F.B.I. Director James Comey Recommends No Charges for Hillary Clinton on Email (New York Times) The F.B.I. director, James B. Comey, said on Tuesday that the bureau would not recommend criminal charges in Hillary Clinton’s handling of classified information, lifting an enormous legal cloud from her presidential campaign, hours before her first joint campaign appearance with President Obama

Text of F.B.I. Director’s Remarks on Investigation Into Hillary Clinton’s Email Use (New York Times) Following is the prepared text of remarks by Director James B. Comey on the investigation into Hillary Clinton’s personal email system, as released by the F.B.I

A glossary of technical terms in the FBI announcement on Clinton’s email server (Washington Post) FBI Director James Comey's explanation of the agency's investigation into Hillary Clinton's use of a private email server as secretary of state was direct and articulate. Over the course of 10 minutes or so, Comey outlined precisely what the agency looked for and what it found. In doing so, however, he also used a number of precise terms that, to a layperson, might not be immediately clear

FBI Director: Clinton “extremely careless” with e-mails, but recommends no prosecution (Ars Technica) Clinton e-mail may have been hacked; questions of double-standard at FBI

Reminder: Public Officials Using Private Email Servers Is Indefensible (Motherboard) Tuesday morning, FBI Director James Comey announced that the agency would recommend the United States not pursue criminal charges against presumptive Democratic presidential nominee Hillary Clinton for her use of a private email server during her time as Secretary of State

Hillary Clinton’s email problems might be even worse than we thought (Washington Post) Here’s the good news for Hillary Clinton: The FBI has recommended that no charges be brought following its investigation of the former secretary of state's private email server. Here’s the bad news: Just about everything else

What We Know About Hillary Clinton’s Private Email Server (New York Times) The F.B.I. on Tuesday recommended no charges against Hillary Clinton over her handling of classified information on a private email domain as secretary of state, but called it “extremely careless.” Attorney General Loretta Lynch said last week that she would accept whatever recommendation she received from the F.B.I. Ms. Clinton’s email has been the focus of a half-dozen other inquiries and legal proceedings

FBI Hints That Hillary Clinton’s Private Server Got Hacked (Daily Beast) Whatever secrets Hillary Clinton had on her email system, they’re now possibly in the hands of hackers, FBI director Jim Comey said in an extraordinary press conference

Despite FBI findings, experts say Clinton's email likely hacked (Politico) America’s digital adversaries — including China, Russia and even Israel — may have had access to Hillary Clinton’s private email arrangement, security experts say, despite the FBI’s conclusion that there is no “direct evidence” of such breaches occurring

James Comey’s Rebuke of Hillary Clinton Fits a 3-Decade Pattern (New York Times) For 15 minutes on Tuesday morning, as the political world held its breath, the F.B.I. director, James B. Comey, laid out in clinical detail how the Democratic candidate for president had misused her private email account

Comey’s unusual public recommendation in the Clinton email investigation (Washington Post) FBI Director James Comey announced the results of the FBI’s investigation into Hillary Clinton’s handling of classified email on a private server when she was secretary of state. The FBI found evidence of “extreme” carelessness in handling classified materials but found no intent to violate any laws on classified information. Most importantly, the FBI is recommending to the Justice Department that it not bring a criminal prosecution

F.B.I.’s Critique of Hillary Clinton Is a Ready-Made Attack Ad (New York Times) Hillary Clinton may not be indicted on criminal charges over her handling of classified email, but the F.B.I. director, James B. Comey, all but indicted her judgment and competence on Tuesday — two vital pillars of her presidential candidacy — and in the kind of terms that would be politically devastating in a normal election year

What the Email Inquiry Says About Washington and Its Secrets (New York Times) When the F.B.I. director, James B. Comey, announced the bureau’s findings in its investigation of Hillary Clinton’s personal email server, he revealed something that, while cloaked in opaque technical language, helped to answer a question long at the heart of this controversy: Just how sensitive was the information in those emails?

Comey Indicts the State Department Information Security Culture (Lawfare) FBI Director Jim Comey announced that the FBI has concluded its investigation into Hillary Clinton’s use of a private email server and is recommending that the Department of Justice not pursue any charges. Ben has already shared some thoughts on the statement and decision to not pursue charges. However, there is one additional element worth noting. Within the more politically consequential parts of his statement, Comey takes a notable swipe at the information security culture of the State Department

State Dept. feuds with FBI after 'security culture' criticism (The Hill) The State Department on Tuesday took issue with FBI Director James Comey’s criticism of its ability to protect classified information

GOP congressmen call for new independent counsel, to probe Clinton again (Washington Post) Rep. Mike Turner (R-Ohio) became the first Republican to call for a new, independent investigation of Hillary Clinton's use of email during her years at the State Department, saying in a statement that the defunct independent counsel statute should be revived to "make an independent and impartial decision" about whether Clinton should be charged

Court decision raises issues about sharing passwords (CSO) Former employees had accessed company records using a password shared by a current staffer

The War Over Soon-to-Be-Outdated Army Intelligence Systems (Defense One) The epic saga of Palantir vs. the Army is gearing up for a big courtroom finish

Namibia is top African destination for cyber criminals (The Namibian) “Namibia might be a small country known to only a few internationally, but we have become a popular destination for cyber criminals to practise their trade. Sadly, by the end of December 2015 we were identified as the top African destination for cyber criminals by Check Point Software Technologies.” So says Garth Kleintjies, chief information officer of FNB Namibia

Finjan Sues ESET for Patent Infringement in the United States and Germany (Sys-Con Media) Finjan Holdings, Inc. (NASDAQ: FNJN), a cybersecurity company, today announced that its subsidiary Finjan, Inc. ("Finjan") has filed contemporaneous patent infringement lawsuits against ESET LLC, a California Corporation and its parent corporation, ESET SPOL S.R.O., a Slovak Republican Corporation (collectively "ESET"), in California and in Germany, alleging infringement of six Finjan U.S. patents and one European patent

Could Your Selfies be Held to Ransom? Alleged Instagram Account Hacker Arrested (Graham Cluley) The incredibly cool-sounding Titan, the North West of England's regional organised crime unit, have arrested a 16-year-old boy from Croxteth, Liverpool, on suspicion of hacking an Instagram account

Design and Innovation

It’s time to redesign the connected car (Automotive World) In the interests of cyber security, Kaspersky Lab wants the industry to collaborate on a ‘complete redesign’ of connected car architecture

Drivers are warming up to autonomous cars. Mostly. (TechCrunch) The results of two new studies — one big, one really big — on what consumers want in autonomous cars have been released recently. The answer of both is, in a nutshell, we want to be able to let a car drive on its own when driving is monotonous or annoying, like during the daily commute. But we also definitely want to have the ability to take control of the car if something goes wrong. Or if we just want to drive the fun parts

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

newly Noted Events

cybergamut Technical Tuesday: The Importance of Managing Attribution Online by Dani Charles of Ntrepid Corporation (Elkridge and Calverton, Maryland, USA, July 19, 2016) cybergamut Technical Tuesday is for cyber professionals to exchange innovative ideas and discuss technical issues of mutual interest. We’ll have a Technical Tuesday event on 19 July 2016 (1600 – 1730 East Coast Time). The importance of open-source intelligence (OSINT) has increased exponentially as more and more information has come available online. At the same time, the increased sophistication of websites and platforms means the content one sees can be easily blocked or manipulated based on one’s attribution to an organization, region, or country. This presentation focuses on the importance of Managed Attribution, detailing the technical methods employed by websites and platforms to determine attribution, and presenting solutions that allow users to manage their attribution in order to get access to the most authentic and accurate information.

cybergamut Technical Tuesday: Quantifying Cyber Attacks: To Optimize and Assess your Defense by Jason Syversen of Siege Technologies (Elkridge, Maryland, USA, September 6, 2016) cybergamut Technical Tuesday is for cyber professionals to exchange innovative ideas and discuss technical issues of mutual interest. We’ll have a Technical Tuesday event on 6 September 2016 (1600 – 1730 East Coast Time). This talk describes the challenges of quantifying offensive and defensive capabilities and posture. This is not an IT-oriented metrics-talk about measuring the firewall rules or number of incidents last year. Instead, you’ll hear about new military-backed research on how to quantify the effectiveness of attacks, predict outcomes and measure defensive strength, as well as the future of data-driven security technologies.

upcoming Events

ISS World South Africa (Johannesburg, South Africa, July 10 - 12, 2016) ISS World South Africa is the world's largest gathering of Southern Africa Law Enforcement, Intelligence and Homeland Security Analysts as well as Telecom Operators responsible for Lawful Interception, Hi-Tech Electronic Investigations and Network Intelligence Gathering. ISS World Programs present the methodologies and tools for Law Enforcement, Public Safety and Government Intelligence Communities in the fight against drug trafficking, cyber money laundering, human trafficking, terrorism and other criminal activities conducted over today's telecommunications network and the Internet.

Insider Threat Program Development Training (Washington, DC, USA, March 29 - 30, 2016) Insider Threat Defense announced it will hold a training class on Insider Threat Program Development (National Insider Threat Policy-NISPOM Conforming Change 2) on March 29-30, 2016, in Washington, DC. For a limited time the training is being offered at a discounted rate of $795. The training is comprehensive and provides students with the knowledge and resources to develop and implement a robust Insider Threat Program. Insider Threat Defense has trained a substantial number of organizations and has become the "Go To Company" for Insider Threat Program Development Training

SINET Innovation Summit 2016 (New York, New York, USA, July 14, 2016) “Connecting Wall Street, Silicon Valley and the Beltway.“ SINET Innovation Summit connects America’s three most powerful epicenters and evangelizes the importance of industry, government and academic collaboration on joint research initiatives. The opportunity to bring practitioners and theory together to discuss fundamental Cybersecurity challenges is critical to the advancement of innovation in the Cybersecurity domain. This summit is designed to reinvigorate public-private partnership efforts and increase relationships that foster the sharing of information and joint collaboration on Cybersecurity research projects

CyberSec 2016 (New York, New York, USA, July 19, 2016) Ask any bank CEO in the U.S. what keeps them up at night and cybersecurity is bound to be in the top five. Maybe even no. 1. And while the threat matrix is evolving rapidly, along with the regulatory demands, so are the technology tools available to help meet them. This one-day conference will take a big-picture look at the threats facing banks today and tomorrow, and offer insights on how to combat them.

Nominations are now open: National Cyber Security Hall of Fame (Baltimore, Maryland, USA (nominations submitted online), July 20, 2016) The Cyber Security Hall of Fame "Respect the Past - Protect the Future" accepts nominations from companies and organizations that are engaged in, and committed to, the growth of the cyber security industry. Each of the nominators can submit nominations in the following categories or combination of categories: Technology, Policy, Public Awareness, Education, and Business.

Billington Global Automotive Cybersecurity Summit (Detroit, Michigan, USA, July 22, 2016) Billington Cybersecurity, an independent conference company focused exclusively on cybersecurity seminars, announces the first global summit that brings together the most senior government and industry experts to examine cyber security in the automotive industry. The Chairman and CEO of General Motors, Mary Barra, U.S. Transportation Secretary Anthony Foxx, U.S. Senator Gary C. Peters and Lyft CEO and Co-Founder Logan Green will discuss industry and government insights on automotive cybersecurity.

Community College Cyber Summit (3CS) (Pittsburgh, Pennsylvania, USA, July 22 - 24, 2016) The third annual Community College Cyber Summit (3CS) is organized and produced by six Advanced Technological Education (ATE) centers funded by the National Science Foundation (NSF) and involved in cybersecurity. 3CS meets the perceived need for a national academic conference that focuses exclusively on cybersecurity education at the community college level. Faculty, administrators, and other stakeholders in community college cybersecurity education are invited and encouraged to attend

SANS ICS Security Summit & Training — Houston 2016 (Houston, Texas, USA, July 25 - 30, 2016) SANS has joined forces with industry leaders and experts to strengthen the cybersecurity of Industrial Control Systems (ICS). The initiative is turning ICS cybersecurity around by equipping both security professionals and control system engineers with the security awareness, work-specific knowledge, and hands-on technical skills they need to secure automation and control system technology. Register now for these ICS skills based courses.

SANS San Jose 2016 (San Jose, California, USA , July 25 - 30, 2016) Information security training is coming to Silicon Valley from SANS Institute, the global leader in information security training. At SANS San Jose 2016, July 25-30, 2016, choose from 7 hands-on, immersion-style cybersecurity training courses taught by real-world practitioners. We will see you at The Westin San Jose, located in the heart of downtown San Jose. Now is the time to improve your information security skills. SANS San Jose 2016 features comprehensive hands-on technical training from some of the best instructors in the industry and includes several courses that will prepare you or your technical staff for DoD 8570 and GIAC approved certification exams. Start making your plans to attend now!

AfricaHackOn (Nairobi, Kenya, July 28 - 29, 2016) What began as a casual meet up for information security professionals has become one of the formidable forces in the profession. That group is the AfricaHackOn. Housed under its parent umbrella, Euclid Consultancy Ltd, AH as fondly known, has traversed all odds to becoming a leading venture in raising awareness on matters affecting cyber security and also grooming upcoming talent into the job market. We have been poised to becoming a one stop shop for talent and resources in a field greatly short staffed.

Sponsor & Support

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter’s financial reach, or it might just not be the right time for you to do those things. That’s why we launched our new Patreon site, where we’ve created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you’ll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.